I un-installed the chromium from Easy 0.9.6 PPM, restarted, then installed your chromium.pet and the apulse. Every thing works good. Still cannot get Chromium to work in a Container (for some reason, 'Easy Container Management' won't recognize chromium is installed, so that one could make a container for it and run it in that.

It's no biggie, though, I am using rufwoof's trick he mentioned, and I run the "Container Desk", then download your apulse.pet & chromium.pet, install them, and chromium runs great (with sound) while inside the 'Container Desk'. Hopefully that'll afford some protection if I come across something bad while browsing, since it'll be operating inside the container-desk.

Visualise a container as using the same base sfs, but having its own save area. When you install something in the main session then that's stored in the main sessions save area, which isn't visible by containers (that only see the base sfs + the containers own save area). If after installing into the main session you remastered a new base sfs, then containers would see the additional programs.

A problem is how can you install additional things into a container. That's easy in the desk container as its a full desktop setup, so you can run petget/PPM etc. inside that, but for other containers you'd have to manually copy files across.

Running chrome with --no-sandbox does remove much of Chrome's own internal security, but being in a container somewhat reinstates that security. Running a container as non-root should enable chrome to work as intended so you'd have both the internal chrome security and security of running inside a container. Barry however dropped being able to setup a container to run under a non-root userid, so AFAIK that isn't a current option._________________( ͡° ͜ʖ ͡°)﻿ :wqFatdog multi-session usbecho url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh

Running chrome with --no-sandbox does remove much of Chrome's own internal security, but being in a container somewhat reinstates that security. Running a container as non-root should enable chrome to work as intended so you'd have both the internal chrome security and security of running inside a container. Barry however dropped being able to setup a container to run under a non-root userid, so AFAIK that isn't a current option.

Note that the goal-posts will have shifted with the upcoming Easy 0.9.7, as have moved to using the 'pflask' utility to run containers.

It will have the option of running as user 'zeus' in a container, so hopefully will be able to run Chromium without needing that "--no-sandbox".

James is working on the next FatDog, I think that is 800? I told him about 'pflask' (container security and chroot utility) that I am now using in Easy, and he plans to use it also._________________https://bkhome.org/news/

James is working on the next FatDog, I think that is 800? I told him about 'pflask' (container security and chroot utility) that I am now using in Easy, and he plans to use it also.

Sounds good. Not sure that UML worked that well (I gave it a try some time back but from a cursory go it didn't work for me - but that was a very brief/quick trial).

Primarily I boot user running X, where chrome is pretty much my desktop (use it as a calculator, text editor, PDF viewer/creator, mp4 player, online email ...etc). Where user isn't in wheel (no su, gksu ... etc.) and is pretty well tied down. Chrome under OpenBSD is both pledged and unveiled ... so highly restricted both as to disk and memory access.

For root, I use just cli (tmux, mc). mc is also my primary file manager in X as well. I just have two windows, tmux and chrome running, both with their tabs and I alt-tab between those as user, ctrl-alt-F1 into root cli/tmux for root type actions. Normally both are maximised (unlike in the attached image). I use cwm as the window manager so no icons/taskbar etc. just a 1 pixel gap at the top of screen that right mouse shows a list of all windows, left mouse shows programs (lists). exec key and a couple of the letters of a program name is usually enough to filter down the exec list to the desired program to launch. Extremely minimalist, but highly functional. Works out to base OpenBSD + 83 additional libs/packages in total (most of which is chrome). Base OBSD includes a web server as well (that I have a ddns fixed domain name that directs to that).

pflask could make things similar to OpenBSD's pledged/unveiled chrome type lock-down, especially if it utilises its own X client/server. Will that be the case?

Easy 0.9.7 installed via EasyDD onto USB stick.............................. (hey, I have to ask: did you know when one uses EasyDD from inside any running Easy OS version, that once you open EasyDD & choose the gz.file and pick the correct USB stick, and hit "Continue", that the EasyDD popup disappers with no dialog and/or install status box pops up, and you're left to wonder what is going on? g. No finish popup, no communication popup, nothing. Yet, EasyDD installs the .gz file IF you know enough to wait however long despite being in the dark what is going on. Perhaps a dialog box of what's going on and when EasyDD is finished would be nice )

Anyhow, put 0.9.7 on USB stick, it booted up and everything is running good. Biggest thing for me is your Firefox.pet from ibiblio now has sound---YIPPIE!!!---sound both in a Container and/or outside it. This is huge, as Seamonkey sort of drives me nuts.

I then installed your Chromium.pet you compiled, along with your apulse.pet, and once again, it is impossible to set Chromium up in Easy 0.9.7 in a Container. Easy Container Management does not recognize Chromium is installed. Why? It recognizes when you install Firefox, but with Chromium, it is like the install of Chromium never took place. Strange.....

Overall, thanks for this latest edition and especially getting it out so early (was thinking you'd get it out next weekend, but you been uber busy & I was surprised checking murga today!).

Once the Chromium in a Container problem is licked, and maybe a few dialog boxes are added for a few other additional EasyOS programs (there are actually other programs that also have no dialog boxes after you open them & hit run, because once you run them, they disappear on the desktop (while still running) and you're left to guess what is going on)..once these are licked, EasyOS looks pretty darn good to me.

Easy 0.9.7 installed via EasyDD onto USB stick.............................. (hey, I have to ask: did you know when one uses EasyDD from inside any running Easy OS version, that once you open EasyDD & choose the gz.file and pick the correct USB stick, and hit "Continue", that the EasyDD popup disappers with no dialog and/or install status box pops up, and you're left to wonder what is going on? g. No finish popup, no communication popup, nothing. Yet, EasyDD installs the .gz file IF you know enough to wait however long despite being in the dark what is going on. Perhaps a dialog box of what's going on and when EasyDD is finished would be nice )

OK, I will look into that. It has been awhile since I used the GUI capability of easydd._________________https://bkhome.org/news/

I then installed your Chromium.pet you compiled, along with your apulse.pet, and once again, it is impossible to set Chromium up in Easy 0.9.7 in a Container. Easy Container Management does not recognize Chromium is installed. Why? It recognizes when you install Firefox, but with Chromium, it is like the install of Chromium never took place. Strange.....

Do it within the "desk" container. That is, click on "desk" icon, then over in the containerized-desktop, run the PPM and install Chromium PET. Works great, no extra deps needed.

What you would have done, is install Chromium to the host system, then copy it into a container. It would seem that that process has left something behind.

Ah, I wonder... it may be that it is trying to run chromium in the container without the "--no-sandbox". In that case, there is a manual fix, edit /usr/sbin/ec-chroot-chromium, append onto this line:

Code:

urxvt -name eclaunch -iconic -e ec-chroot chromium --no-sandbox

...just thinking this through hypothetically, haven't tried it.

Um, but that doesn't explain why it is not in the menu. If you go to /mnt/wkg/containers/chromium/.session, you will be able to see if the files got installed.

I had better check this out!

I am planning in the future to offer direct install to a container, but held off on implementing, as still thinking about some details._________________https://bkhome.org/news/

I un-installed the chromium from Easy 0.9.6 PPM, restarted, then installed your chromium.pet and the apulse. Every thing works good. Still cannot get Chromium to work in a Container (for some reason, 'Easy Container Management' won't recognize chromium is installed, so that one could make a container for it and run it in that.

It's no biggie, though, I am using rufwoof's trick he mentioned, and I run the "Container Desk", then download your apulse.pet & chromium.pet, install them, and chromium runs great (with sound) while inside the 'Container Desk'. Hopefully that'll afford some protection if I come across something bad while browsing, since it'll be operating inside the container-desk.

Right, getting the full picture now. Yes, "Filesystem --> Easy Container Management" has to be run to move an app into a container.

@belham2
Uninstall the PET, and install the new one, then it should be ok to "containerize'.

Conceptually wouldn't best-practice be to keep the main session as a not-used-for-internet (admin only) session i.e. can access HDD, moves files, admin the system/network etc. Boot, run through first-run-setup and then immediately make a snapshot of the desk container and use that desk container as your general daily session (browsing, playing video's etc.). In which case installing Chromium inside the desk container is the more appropriate choice anyway. i.e. start a 'clean' desk snapshot version, PPM (install) the chromium into that, close the desk container and create a new 'clean' snapshot (that also includes chromium). With data on HDD, booting (separate) system from USB and desk container having no access to the HDD (or main system), you're pretty immune from the likes of ransomware/other nasties that might come in over the net. And snapshots/rollbacks enable you to quickly/easily load up a clean desktop/browser (desk container) as often as you like._________________( ͡° ͜ʖ ͡°)﻿ :wqFatdog multi-session usbecho url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh

@belham2
Uninstall the PET, and install the new one, then it should be ok to "containerize'.

Thank you, Barry. Did as you said, and Chromium popped up inside "Easy Container Management" ready to be put into a Container---which I did. Runs great.

Only thing I changed is when the Container of Chromium was made, the icon that popped up on the desktop was the 16x16, with no purple-lock designating as a container item. Could barely see it, haha.

No problem, though, just grabbed a 48x48.png of
chromium, and then grabbed the ec-overlay48.png, opened them in Gimp, merged the layers, and voila, just like the rest of the desktop container items now.

With Seamonkey, Firefox and Chromium all in containers, plus the desktop and sakura, takes care of any/all website rendering and/or how I want to download something or if I want just one container of a browser reserved for special (i.e. fin'l things) items.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum